Matthew Lloyd Davies

Explore how Volt Typhoon created a copy of the Active Directory domain database in a critical infrastructure network in order to steal credential information.


Adversaries often seek to extract user credentials, typically in the form of hashes or plaintext passwords, from operating systems and software. These credentials can then be used to facilitate lateral movement within a network and gain access to sensitive information. Volt Typhoon used a number of techniques to obtain credentials, including extracting them from process memory and stealing Active Directory databases (NTDS). In this course, Volt Typhoon: T1003.003 Credential Dumping Emulation, you’ll focus on how Volt Typhoon created a volume shadow copy and extracted the bootkey from the system registry hive to extract password hashes from NTDS.


What's inside

Syllabus

Volt Typhoon: T1003.003 Credential Dumping Emulation

Good to know

Know what's good, what to watch for, and possible dealbreakers
Emphasizes methods for obtaining credentials, which is necessary for network security
Focuses on a specific attack technique, providing depth of knowledge


Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Volt Typhoon: T1003.003 Credential Dumping Emulation with these activities:
Review Basic Networking Concepts
Strengthen your foundational knowledge by reviewing key networking concepts, ensuring a solid understanding for advanced topics in the course.
  • Read through previous notes or textbooks on networking basics
  • Complete online quizzes or practice questions to test your understanding
  • Attend a refresher session or watch tutorials on fundamental networking concepts
Organize and Review Course Materials Regularly
Enhance your learning experience by regularly reviewing and organizing notes, assignments, and quizzes to reinforce key concepts.
  • Set aside time to review materials after each class session
  • Summarize and organize notes in a logical manner
  • Review past assignments and quizzes to identify areas for improvement
  • Compile organized materials for easy reference and future use
Extract Hashes from System Registry Hives
Practice extracting password hashes from system registry hives to enhance your understanding of credential dumping techniques.
  • Set up a lab environment with necessary tools
  • Identify target system registry hives
  • Extract hashes using appropriate tools and techniques
  • Analyze extracted hashes and interpret the results
Contribute to Open-Source Security Tools
Gain practical experience and contribute to the security community by participating in open-source security tool projects.
  • Identify open-source security tools that align with your interests
  • Join the project's community and review their codebase
  • Contribute to the project by fixing bugs or adding new features
  • Collaborate with other developers and receive feedback on your contributions
Attend a Workshop on Network Penetration Testing
Complement your knowledge by attending a workshop focused on network penetration testing, exploring techniques and tools used to identify vulnerabilities.
  • Research and identify relevant workshops
  • Register and make necessary arrangements
  • Attend the workshop, participate actively, and take notes
  • Follow up with the instructors or organizers for additional resources
Emulate Volt Typhoon's Credential Dumping Techniques
Follow guided tutorials to replicate Volt Typhoon's credential dumping techniques, gaining hands-on experience with real-world adversary tactics.
  • Locate reputable tutorials or resources on Volt Typhoon's methods
  • Set up a lab environment with necessary tools and configurations
  • Follow tutorial instructions to execute credential dumping emulation
  • Document and analyze the results of your emulation
Develop a Threat Model for Credential Dumping Prevention
Enhance your risk analysis skills by creating a threat model that identifies potential credential dumping threats and outlines mitigation strategies.
  • Define the scope and boundaries of your threat model
  • Identify assets, vulnerabilities, and potential threats
  • Analyze and assess the risks associated with identified threats
  • Develop and document mitigation strategies and countermeasures
Develop a White Paper on Credential Dumping Countermeasures
Create a comprehensive white paper to showcase your understanding of credential dumping countermeasures, emphasizing the techniques discussed in the course.
  • Research and gather information on credential dumping countermeasures
  • Outline the structure and key sections of your white paper
  • Write the content, including an introduction, technical analysis, and recommendations
  • Proofread, edit, and finalize your white paper

Career center

Learners who complete Volt Typhoon: T1003.003 Credential Dumping Emulation will develop knowledge and skills that may be useful to these careers:
Penetration Tester
Penetration Testers assess the security of computer systems and networks by simulating attacks from outside and inside the organization. Volt Typhoon: T1003.003 Credential Dumping Emulation provides hands-on experience with credential dumping techniques, helping you develop the skills to identify vulnerabilities in systems.
Red Team Operator
Red Team Operators simulate attacks against an organization's systems and networks to identify vulnerabilities. Volt Typhoon: T1003.003 Credential Dumping Emulation provides hands-on experience with credential dumping techniques, helping you develop the skills to effectively assess the security posture of your organization.
Security Engineer
Security Engineers implement and manage security solutions to protect organizations from cyber threats. Volt Typhoon: T1003.003 Credential Dumping Emulation can help you build a strong foundation in security engineering and equip you with knowledge of credential dumping techniques used by attackers.
Incident Responder
Incident Responders are responsible for handling security incidents and breaches within an organization. Volt Typhoon: T1003.003 Credential Dumping Emulation can help you understand how attackers extract credential information and prepare you to respond effectively to such incidents.
Incident Commander
Incident Commanders oversee and manage the response to security incidents. Volt Typhoon: T1003.003 Credential Dumping Emulation provides valuable knowledge about the techniques used by attackers to steal credentials, which can assist you in effectively leading incident response efforts.
Network Security Engineer
Network Security Engineers design, implement, and maintain network security solutions to protect organizations from cyber threats. Volt Typhoon: T1003.003 Credential Dumping Emulation can help you build a foundation in network security and equip you with knowledge of credential dumping techniques used by attackers.
Threat Intelligence Analyst
Threat Intelligence Analysts gather and analyze information about potential threats to an organization's security. Volt Typhoon: T1003.003 Credential Dumping Emulation provides insights into the methods used by attackers to steal credentials, helping you understand potential attack vectors and develop strategies to mitigate threats.
Security Consultant
Security Consultants provide advice and guidance to organizations on how to improve their security posture. Volt Typhoon: T1003.003 Credential Dumping Emulation provides valuable knowledge about credential dumping techniques, enabling you to offer expert advice to your clients on how to protect their systems.
Cybersecurity Analyst
Cybersecurity Analysts monitor and protect computer systems and networks from unauthorized access, attacks, or other threats. Volt Typhoon: T1003.003 Credential Dumping Emulation teaches techniques used by attackers to steal credentials and how to mitigate them, which can help you build a strong foundation for a career in cybersecurity.
Computer Forensics Analyst
As a Computer Forensics Analyst, you will investigate computer systems to discover and analyze digital evidence related to cybercrimes or other incidents. Volt Typhoon: T1003.003 Credential Dumping Emulation provides valuable insights into the methods used by attackers to steal credentials and may help you understand how to detect and prevent such attacks in your organization.
Chief Information Security Officer (CISO)
Chief Information Security Officers (CISOs) are responsible for developing and implementing the overall security strategy for an organization. Volt Typhoon: T1003.003 Credential Dumping Emulation may be useful as it provides insights into how attackers use credential dumping techniques to gain access to systems.
Security Operations Center (SOC) Analyst
Security Operations Center (SOC) Analysts monitor security systems and respond to security incidents. Volt Typhoon: T1003.003 Credential Dumping Emulation may be useful as it provides insights into how attackers use credential dumping techniques to gain access to systems.
Vulnerability Researcher
Vulnerability Researchers identify and analyze vulnerabilities in computer systems and software. Volt Typhoon: T1003.003 Credential Dumping Emulation may be useful as it provides insights into how attackers use credential dumping techniques to exploit vulnerabilities.
Malware Analyst
Malware Analysts investigate and analyze malware, developing methods to detect and prevent it from infecting systems. Volt Typhoon: T1003.003 Credential Dumping Emulation may be useful as it provides insights into how attackers use credential dumping techniques as part of malware attacks.
Security Architect
Security Architects design and implement security solutions to protect organizations from cyber threats. Volt Typhoon: T1003.003 Credential Dumping Emulation may be useful as it provides insights into how attackers use credential dumping techniques to gain access to systems.

Reading list

We've selected eight books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Volt Typhoon: T1003.003 Credential Dumping Emulation.
Provides a deep dive into the internal workings of Windows, including the Active Directory database (NTDS). It is a valuable resource for understanding the techniques used by Volt Typhoon to extract credential information.
Provides a comprehensive overview of hacking techniques, including credential dumping. It is a useful resource for understanding the broader context of Volt Typhoon's activities.
Provides a guide to Metasploit, a powerful tool for penetration testing and credential dumping. It is a useful resource for understanding how Volt Typhoon used Metasploit to extract credential information.
Provides a practical guide to penetration testing, including techniques for credential dumping. It is a useful resource for understanding the methods used by Volt Typhoon to obtain credentials.
Provides a guide to memory forensics, including techniques for extracting credential information from compromised systems. It is a useful resource for understanding the methods used by Volt Typhoon to obtain credentials.
Provides a hands-on guide to malware analysis, including techniques for extracting credential information from compromised systems. It is a useful resource for understanding the methods used by Volt Typhoon to obtain credentials.
Provides a guide to security engineering, including techniques for protecting credential information. It is a useful resource for understanding the methods used by Volt Typhoon to protect the credential information they obtained.

Similar courses

Here are nine courses similar to Volt Typhoon: T1003.003 Credential Dumping Emulation.
  • Discovery with ADRecon (most relevant)
  • Privilege Escalation with Certify (most relevant)
  • Credential Access with LaZagne (most relevant)
  • Mastering Group Policy on Windows Server (most relevant)
  • Privilege Escalation with Rubeus
  • Windows Server Administration Concepts: Active Directory
  • Credential Management and Access Control with Active...
  • Credential Access with Cain & Abel
  • Build a Toolkit with Advanced Windows Commands

© 2016 - 2024 OpenCourser